= CVE-2020-8492 Speed Tests

CVE-2020-8492 describes a denial-of-service (DoS) opportunity for malicious servers responding to requests from the Python built-in urllib library.
A malicious server can send up to 65,509 additional commas in the WWW-Authenticate header, which triggers an O(2**n) evaluation of a regular expression.

This folder contains a sample malicious server (in Python 3) and sample vulnerable clients (in Python 2 and 3).

It also contains scripts to test the speed of various alternative regular expressions or parsing methods. These stop once a threshold time has been reached, so you can still do meaningful timing.
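
A threshold-stopped timing loop of the kind described above, as an added example rather than one of this folder's scripts. The `VULNERABLE` pattern is written from recollection of CPython's `urllib.request` before the fix and `FIXED` is one candidate replacement; both patterns, the function names and the comma-only input are assumptions, not taken from this page.

```python
import re
import time

# Assumed pre-fix pattern: the nested "(?:.*,)*" backtracks over every
# way of splitting a run of commas, which is where O(2**n) comes from.
VULNERABLE = re.compile(
    '(?:.*,)*[ \t]*([^ \t]+)[ \t]+'
    'realm=(["\']?)([^"\']*)\\2', re.I)

# Candidate replacement (assumption): anchor on start-of-string or one
# comma, and keep commas out of the scheme token.
FIXED = re.compile(
    '(?:^|,)[ \t]*([^ \t,]+)[ \t]+'
    'realm=(["\']?)([^"\']*)\\2', re.I)


def parse_challenge(rx, header):
    """Return (scheme, realm) from a WWW-Authenticate value, or None."""
    mo = rx.search(header)
    return (mo.group(1), mo.group(3)) if mo else None


def time_until_threshold(rx, max_commas=40, threshold=0.05):
    """Time rx on 1..max_commas commas; stop after the first slow run.

    A running match cannot be interrupted in-process, so the input grows
    one comma at a time and the loop ends once a run exceeds `threshold`.
    """
    timings = []
    for n in range(1, max_commas + 1):
        header = "," * n  # constructed input: commas only, no realm
        start = time.perf_counter()
        rx.search(header)
        elapsed = time.perf_counter() - start
        timings.append((n, elapsed))
        if elapsed > threshold:
            break
    return timings


if __name__ == "__main__":
    for name, rx in (("vulnerable", VULNERABLE), ("fixed", FIXED)):
        results = time_until_threshold(rx)
        n, secs = results[-1]
        print(f"{name}: stopped at {n} commas, last run {secs:.4f}s")
```

Because each extra comma roughly doubles the work for the backtracking pattern, the last timed run stays within a small multiple of the threshold, which keeps the comparison usable without a watchdog process.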